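I. Introducing Helm
As the deployments in earlier articles showed, deploying a containerized application on Kubernetes means hand-writing resource manifest files in advance, and nearly every setting in them is hard-coded, so they are almost impossible to reuse. For larger-scale use, distribution, version control, lookup, rollback and even just viewing them become a nightmare for users. Helm greatly reduces the difficulty of application management.
Put simply, Helm is the application package manager for Kubernetes, similar to yum or apt-get on Linux. It helps users find, share and use Kubernetes applications, and the current version is maintained by the CNCF. Its core packaging unit is called a chart, which helps users create, install and upgrade complex applications.
Helm packages Kubernetes resources (such as Deployments, Services or ConfigMaps) into a Chart; Charts that have been built and tested are saved to a Charts repository for storage and distribution. In addition, Helm implements configurable releases: it supports version management of application configuration and simplifies version control, packaging, releasing, deleting and updating applications deployed on Kubernetes. The Helm architecture is shown in the figure below: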

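Put simply, Helm is a Kubernetes-based package (resource bundle) manager. It organizes an application's related resources into Charts and manages packages through them. Its advantages can be summarized as follows:
- Managing complex applications: Charts can describe even the most complex application structures and provide a reusable definition of how an application is installed.
- Easy upgrades: in-place upgrades and custom hooks take the pain out of updates.
- Simple sharing: Charts are easy to version, share and host on public or private servers.
- Rollback: the "helm rollback" command makes a quick rollback easy.
II. Helm core terminology and architecture
Helm organizes the configuration of a Kubernetes application into Charts and uses them for routine application management. Generally, the workflow for managing applications with Charts includes creating Charts from scratch, packaging Charts and their related files into an archive, storing Charts in a repository and interacting with it, installing or uninstalling Charts in a Kubernetes cluster, and managing the release lifecycle of applications installed by Helm. Helm therefore has the following key concepts:
- Charts: a Helm package. It contains the images, dependencies and resource definitions needed to run a Kubernetes application, and where necessary Service definitions as well; it is similar to a dpkg file for APT or an rpm file for yum.
- Repository: a Charts repository, used to store and distribute Charts centrally, similar to Perl's CPAN or Python's PyPI.
- Config: the configuration used when an application is instantiated, installed and run.
- Release: an instance of a Chart running in a Kubernetes cluster. On the same cluster a Chart can be installed many times with different Configs, and each installation creates a new Release.
In fact, Charts are more like programs stored outside the Kubernetes cluster; each installation runs one instance in the cluster with its own configuration, somewhat like starting a process from a program on an operating system.
Helm consists mainly of the Helm client, the Tiller server and the Charts repository.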

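The Helm client is a command-line tool written in Go that talks to the Tiller server over gRPC. Its main tasks are:
- Local Charts development
- Managing Charts repositories
- Interacting with the Tiller server: sending Charts to install, querying Release information, and upgrading or uninstalling existing Releases.
The Tiller server is a containerized service hosted inside the Kubernetes cluster. It receives requests from the Helm client and interacts with the Kubernetes API Server when necessary. Its main tasks are:
- Listening for requests from the Helm client.
- Merging Charts and configuration to build a Release.
- Installing Charts into the Kubernetes cluster and tracking the resulting Release.
- Upgrading and uninstalling Charts
Typically, a user writes Chart files locally on the Helm client following its format, and can then deploy them to a Kubernetes cluster to run as a specific Release. Only when distribution is needed should the Chart files for an application be packaged into a compressed archive and submitted to a Charts repository. A repository can run as a public hosting platform or as a self-hosted server used only by a specific organization or individual.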
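III. Installing Helm
1) Create a helm directory and download Helm (the host must already be able to reach the download sites through a proxy)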
]# mkdir helm
]# cd helm
]# curl -L https://git.io/get_helm.sh | bash
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
100 7160 100 7160 0 0 3692 0 0:00:01 0:00:01 --:--:-- 19724
Downloading https://get.helm.sh/helm-v2.17.0-linux-amd64.tar.gz
Preparing to install helm and tiller into /usr/local/bin
helm installed into /usr/local/bin/helm
tiller installed into /usr/local/bin/tiller
Run 'helm init' to configure helm.
2) Create the Service Account for Tiller
]# vim helm-rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system
]# kubectl apply -f helm-rbac.yaml
serviceaccount/tiller created
clusterrolebinding.rbac.authorization.k8s.io/tiller created
3) Initialize Helm
]# helm init --service-account=tiller --history-max 300
Creating /root/.helm
Creating /root/.helm/repository
Creating /root/.helm/repository/cache
Creating /root/.helm/repository/local
Creating /root/.helm/plugins
Creating /root/.helm/starters
Creating /root/.helm/cache/archive
Creating /root/.helm/repository/repositories.yaml
Adding stable repo with URL: https://charts.helm.sh/stable
Adding local repo with URL: http://127.0.0.1:8879/charts
$HELM_HOME has been configured at /root/.helm.
Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.
Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
To prevent this, run `helm init` with the --tiller-tls-verify flag.
For more information on securing your installation see: https://v2.helm.sh/docs/securing_installation/
4) View the Tiller resources
]# kubectl get deployment tiller-deploy -n kube-system
NAME READY UP-TO-DATE AVAILABLE AGE
tiller-deploy 1/1 1 1 46s
]# kubectl describe deployment tiller-deploy -n kube-system
Name: tiller-deploy
Namespace: kube-system
CreationTimestamp: Thu, 29 Oct 2020 15:19:00 +0800
Labels: app=helm
name=tiller
Annotations: deployment.kubernetes.io/revision: 1
Selector: app=helm,name=tiller
Replicas: 1 desired | 1 updated | 1 total | 1 available | 0 unavailable
StrategyType: RollingUpdate
MinReadySeconds: 0
RollingUpdateStrategy: 25% max unavailable, 25% max surge
Pod Template:
Labels: app=helm
name=tiller
Service Account: tiller
Containers:
tiller:
Image: ghcr.io/helm/tiller:v2.17.0
Ports: 44134/TCP, 44135/TCP
Host Ports: 0/TCP, 0/TCP
Liveness: http-get http://:44135/liveness delay=1s timeout=1s period=10s #success=1 #failure=3
Readiness: http-get http://:44135/readiness delay=1s timeout=1s period=10s #success=1 #failure=3
Environment:
TILLER_NAMESPACE: kube-system
TILLER_HISTORY_MAX: 300
Mounts: <none>
Volumes: <none>
Conditions:
Type Status Reason
---- ------ ------
Available True MinimumReplicasAvailable
Progressing True NewReplicaSetAvailable
OldReplicaSets: <none>
NewReplicaSet: tiller-deploy-6b4b6f686f (1/1 replicas created)
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal ScalingReplicaSet 74s deployment-controller Scaled up replica set tiller-deploy-6b4b6f686f to 1
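The `helm init` output above warns that Tiller was deployed with the 'allow unauthenticated users' policy, and the Environment block of the describe output shows no TLS settings. As an added example (not part of the original article), the function below classifies a Tiller deployment from that describe text; it assumes the `TILLER_TLS_ENABLE` and `TILLER_TLS_VERIFY` variables that Helm v2's `helm init` sets when run with its TLS flags, and the function and sample names are hypothetical.

```shell
# Added example: classify Tiller's gRPC exposure from the text of
#   kubectl describe deployment tiller-deploy -n kube-system
# Assumes the env names Helm v2 `helm init` sets when TLS flags are used.

# tiller_tls_status: reads describe output on stdin and prints one of
#   plaintext | tls-no-client-verify | tls-verify
tiller_tls_status() {
  awk '
    $1 == "TILLER_TLS_ENABLE:" && $2 == "1" { enable = 1 }
    $1 == "TILLER_TLS_VERIFY:" && $2 == "1" { verify = 1 }
    END {
      if (!enable)      print "plaintext"
      else if (!verify) print "tls-no-client-verify"
      else              print "tls-verify"
    }'
}

# Sample 1: the Environment block re-typed from the output above.
sample_default() {
  cat <<'EOF'
    Environment:
      TILLER_NAMESPACE:    kube-system
      TILLER_HISTORY_MAX:  300
    Mounts:  <none>
EOF
}

# Sample 2 (constructed): the same block after a TLS-enabled init.
sample_tls() {
  cat <<'EOF'
    Environment:
      TILLER_NAMESPACE:    kube-system
      TILLER_HISTORY_MAX:  300
      TILLER_TLS_VERIFY:   1
      TILLER_TLS_ENABLE:   1
      TILLER_TLS_CERTS:    /etc/certs
EOF
}

# On a cluster (not run here):
#   kubectl describe deployment tiller-deploy -n kube-system | tiller_tls_status
```

A result of `plaintext` matches the installation shown in this article: any client that can reach port 44134 can drive Tiller with the rights of its service account.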
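IV. Common Helm commands
helm repo update # Update the metadata of the default repositories in use
helm search # List all Charts maintained in the stable repository
helm search redis # Add a search filter and list only the matching Charts
helm inspect stable/redis # Print detailed information about the specified Chart
helm install stable/redis # Install the specified Chart
helm repo add stable url # Add the Charts repository at the given URL
helm list # List the Releases that have been installed
helm delete redis # Delete the specified Release
helm rollback # Roll back the specified application
helm upgrade # Upgrade the specified application
helm history # Show the change history of the specified Release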
V. Installing MySQL with Helm
1) Add the Charts repository address
]# helm repo add stable http://mirror.azure.cn/kubernetes/charts/
"stable" has been added to your repositories
2) View the package information in this repository
]# helm search repo
NAME CHART VERSION APP VERSION DESCRIPTION
stable/jasperreports 7.0.11 7.2.0 DEPRECATED The JasperReports server can be used as a stan...
stable/artifactory 7.3.2 6.1.0 DEPRECATED Universal Repository Manager supporting all ma...
stable/artifactory-ha 0.4.2 6.2.0 DEPRECATED Universal Repository Manager supporting all ma...
stable/chartmuseum 2.14.0 0.12.0 Host your own Helm Chart Repository
stable/dmarc2logstash 1.3.1 1.0.3 DEPRECATED Provides a POP3-polled DMARC XML report inject...
stable/pgadmin 1.2.3 4.18.0 DEPRECATED - moved to new repo, see source for new location
stable/satisfy 1.1.0 3.0.4 Composer repo hosting with Satisfy
stable/sentry 4.3.0 9.1.2 Sentry is a cross-platform crash reporting and aggregatio...
stable/sonatype-nexus 1.23.1 3.20.1-01 DEPRECATED - Sonatype Nexus is an open source repository ...
3) Create the PV storage required by the MySQL Chart
The storage I use here is a separate NFS storage server. Note that the Labels on this PV must match the Labels of the PVC required by the MySQL Chart; the StorageClass can be the same as the storage class in the MySQL PVC, with both left empty.
]# cat mysql-pv02.yaml
kind: PersistentVolume
apiVersion: v1
metadata:
  name: mysql-data
  labels:
    app: good-manta-mysql
    chart: mysql-1.6.7
    heritage: Tiller
    release: good-manta
spec:
  capacity:
    storage: 8Gi
  accessModes:
    - ReadWriteOnce
  nfs:
    path: "/data/"
    server: 172.16.2.250
]# kubectl apply -f mysql-pv02.yaml
persistentvolume/mysql-data created
4) Install MySQL
]# helm install stable/mysql
NAME: morbid-peacock
LAST DEPLOYED: Sun Nov 8 20:20:24 2020
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/ConfigMap
NAME DATA AGE
morbid-peacock-mysql-test 1 0s
==> v1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
morbid-peacock-mysql 0/1 1 0 0s
==> v1/PersistentVolumeClaim
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
morbid-peacock-mysql Bound mysql-data 8Gi RWO 0s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
morbid-peacock-mysql-6c5b844676-m8rqg 0/1 Init:0/1 0 0s
==> v1/Secret
NAME TYPE DATA AGE
morbid-peacock-mysql Opaque 2 0s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
morbid-peacock-mysql ClusterIP 10.110.245.134 <none> 3306/TCP 0s
NOTES:
MySQL can be accessed via port 3306 on the following DNS name from within your cluster:
morbid-peacock-mysql.default.svc.cluster.local
To get your root password run:
MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace default morbid-peacock-mysql -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo)
To connect to your database:
1. Run an Ubuntu pod that you can use as a client:
kubectl run -i --tty ubuntu --image=ubuntu:16.04 --restart=Never -- bash -il
2. Install the mysql client:
$ apt-get update && apt-get install mysql-client -y
3. Connect using the mysql cli, then provide your password:
$ mysql -h morbid-peacock-mysql -p
To connect to your database directly from outside the K8s cluster:
MYSQL_HOST=127.0.0.1
MYSQL_PORT=3306
# Execute the following command to route the connection:
kubectl port-forward svc/morbid-peacock-mysql 3306
mysql -h ${MYSQL_HOST} -P${MYSQL_PORT} -u root -p${MYSQL_ROOT_PASSWORD}
5) Check the status of the MySQL Pod and SVC
]# kubectl get svc | grep mysql
morbid-peacock-mysql ClusterIP 10.110.245.134 <none> 3306/TCP
]# kubectl get pods | grep mysql
morbid-peacock-mysql-6c5b844676-m8rqg 1/1 Running 0 17s
]# kubectl describe pods morbid-peacock-mysql-6c5b844676-m8rqg
Name: morbid-peacock-mysql-6c5b844676-m8rqg
Namespace: default
Priority: 0
Node: node2/172.16.2.202
Start Time: Sun, 08 Nov 2020 20:20:24 +0800
Labels: app=morbid-peacock-mysql
pod-template-hash=6c5b844676
release=morbid-peacock
Annotations: <none>
Status: Running
IP: 10.244.2.142
IPs:
IP: 10.244.2.142
Controlled By: ReplicaSet/morbid-peacock-mysql-6c5b844676
Init Containers:
remove-lost-found:
Container ID: docker://2b4448bdb21033c96794959207d3b5dd3d7c9ee77b1b215a6b551597bf854b51
Image: busybox:1.32
Image ID: docker-pullable://busybox@sha256:a9286defaba7b3a519d585ba0e37d0b2cbee74ebfe590960b0b1d6a5e97d1e1d
Port: <none>
Host Port: <none>
Command:
rm
-fr
/var/lib/mysql/lost+found
State: Terminated
Reason: Completed
Exit Code: 0
Started: Sun, 08 Nov 2020 20:20:24 +0800
Finished: Sun, 08 Nov 2020 20:20:24 +0800
Ready: True
Restart Count: 0
Requests:
cpu: 10m
memory: 10Mi
Environment: <none>
Mounts:
/var/lib/mysql from data (rw)
/var/run/secrets/kubernetes.io/serviceaccount from default-token-47pch (ro)
Containers:
morbid-peacock-mysql:
Container ID: docker://2f3fdd44de53b39e7cd025fcfa1b9c88047e74d8dddd26e5c13b1c6d95982645
Image: mysql:5.7.30
Image ID: docker-pullable://mysql@sha256:32f9d9a069f7a735e28fd44ea944d53c61f990ba71460c5c183e610854ca4854
Port: 3306/TCP
Host Port: 0/TCP
State: Running
Started: Sun, 08 Nov 2020 20:20:25 +0800
Ready: True
Restart Count: 0
Requests:
cpu: 100m
memory: 256Mi
Liveness: exec [sh -c mysqladmin ping -u root -p${MYSQL_ROOT_PASSWORD}] delay=30s timeout=5s period=10s #success=1 #failure=3
Readiness: exec [sh -c mysqladmin ping -u root -p${MYSQL_ROOT_PASSWORD}] delay=5s timeout=1s period=10s #success=1 #failure=3
Environment:
MYSQL_ROOT_PASSWORD: <set to the key 'mysql-root-password' in secret 'morbid-peacock-mysql'> Optional: false
MYSQL_PASSWORD: <set to the key 'mysql-password' in secret 'morbid-peacock-mysql'> Optional: true
MYSQL_USER:
MYSQL_DATABASE:
Mounts:
/var/lib/mysql from data (rw)
/var/run/secrets/kubernetes.io/serviceaccount from default-token-47pch (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
data:
Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
ClaimName: morbid-peacock-mysql
ReadOnly: false
default-token-47pch:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-47pch
Optional: false
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events: <none>
6) Check the status of the PV and PVC
]# kubectl get pvc | grep mysql
morbid-peacock-mysql Bound mysql-data 8Gi RWO 29s
]# kubectl get pv | grep mysql
mysql-data 8Gi RWO Retain Bound default/morbid-peacock-mysql 41s
7) View the ROOT password stored in the MySQL Secret resource
]# kubectl get secret
NAME TYPE DATA AGE
default-token-47pch kubernetes.io/service-account-token 3 115d
ikubernetessecret kubernetes.io/tls 2 76d
morbid-peacock-mysql Opaque 2 65s
mysql-auth Opaque 2 69d
nginx-ssl kubernetes.io/tls 2 69d
ssh-key-secret Opaque 2 69d
]# MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace default morbid-peacock-mysql -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo)
]# echo $MYSQL_ROOT_PASSWORD
5DHq5EM5M9
]# kubectl get pods -o wide | grep mysql
morbid-peacock-mysql-6c5b844676-m8rqg 1/1 Running 0 37h 10.244.2.142 node2 <none> <none>
8) Start a test Pod and log in to MySQL
]# kubectl run -i --tty centos2 --image=centos/mysql-57-centos7 --restart=Never -- bash -i
bash-4.2$ mysql -h10.244.2.142 -p # Enter the MySQL ROOT user's password
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 26694
Server version: 5.7.30 MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
+--------------------+
4 rows in set (0.00 sec)
9) Create a database and table
mysql> create database jyy charset utf8mb4;
Query OK, 1 row affected (0.01 sec)
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| jyy |
| mysql |
| performance_schema |
| sys |
+--------------------+
5 rows in set (0.00 sec)
mysql> use jyy;
Database changed
mysql> create table student(id int(20),name varchar(30));
Query OK, 0 rows affected (0.01 sec)
mysql> show tables;
+---------------+
| Tables_in_jyy |
+---------------+
| student |
+---------------+
1 row in set (0.00 sec)
10) View the data in the shared directory on the NFS storage host
]# ls -lh /data/
total 185M
-rw------- 1 root root 61K Nov 10 07:37 127.0.0.1.log
-rw-r----- 1 systemd-bus-proxy ssh_keys 56 Nov 8 18:20 auto.cnf
-rw------- 1 systemd-bus-proxy ssh_keys 1.7K Nov 8 18:20 ca-key.pem
-rw-r--r-- 1 systemd-bus-proxy ssh_keys 1.1K Nov 8 18:20 ca.pem
-rw-r--r-- 1 systemd-bus-proxy ssh_keys 1.1K Nov 8 18:20 client-cert.pem
-rw------- 1 systemd-bus-proxy ssh_keys 1.7K Nov 8 18:20 client-key.pem
-rw-r----- 1 systemd-bus-proxy ssh_keys 1.4K Nov 8 18:20 ib_buffer_pool
-rw-r----- 1 systemd-bus-proxy ssh_keys 76M Nov 10 07:29 ibdata1
-rw-r----- 1 systemd-bus-proxy ssh_keys 48M Nov 10 07:29 ib_logfile0
-rw-r----- 1 systemd-bus-proxy ssh_keys 48M Nov 8 18:20 ib_logfile1
-rw-r----- 1 systemd-bus-proxy ssh_keys 12M Nov 8 18:21 ibtmp1
drwxr-x--- 2 systemd-bus-proxy ssh_keys 55 Nov 10 07:29 jyy
drwxr-x--- 2 systemd-bus-proxy ssh_keys 4.0K Nov 8 18:20 mysql
drwxr-x--- 2 systemd-bus-proxy ssh_keys 8.0K Nov 8 18:20 performance_schema
-rw------- 1 systemd-bus-proxy ssh_keys 1.7K Nov 8 18:20 private_key.pem
-rw-r--r-- 1 systemd-bus-proxy ssh_keys 452 Nov 8 18:20 public_key.pem
-rw-r--r-- 1 systemd-bus-proxy ssh_keys 1.1K Nov 8 18:20 server-cert.pem
-rw------- 1 systemd-bus-proxy ssh_keys 1.7K Nov 8 18:20 server-key.pem
drwxr-x--- 2 systemd-bus-proxy ssh_keys 8.0K Nov 8 18:20 sys
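This article introduced Helm as the application package manager for Kubernetes and how it simplifies deploying, upgrading, sharing and rolling back applications. Helm organizes application resources into Charts and stores and distributes them through a Repository. It covered the core concepts of Charts, Repository and Release, the Helm installation steps and common commands, and a hands-on installation of MySQL with Helm.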